1 / 15

A new DNS implementation

A new DNS implementation. Primary Design goals “drop-in” replacement for BIND and NSD Standards (RFC) compliant Performance (queries ~ TLD level) Authoritative DNSSEC support AXFR/IXFR support (master and slave) (BIND) zone files as storage Secondary goals

jada
Download Presentation

A new DNS implementation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A new DNS implementation • Primary Design goals • “drop-in” replacement for BIND and NSD • Standards (RFC) compliant • Performance (queries ~ TLD level) • Authoritative • DNSSEC support • AXFR/IXFR support (master and slave) • (BIND) zone files as storage • Secondary goals • Dynamic update API (update content of zones on the fly) • Dynamic provisioning (add/remove zones on the fly) • “higher level storage” backend (sql db, ...) • Recursive caching resolver?

  2. Current Status - Features • Authoritative • Load/parse zone files (BIND style files) • Include, *, @, / • Resource record types • SPF, SRV, NAPTR • SOA, A, AAAA, NS, CNAME, PTR, HINFO, MX, TXT • DNSKEY, DS, RRSIG, NSEC, NSEC3, NSECPARAM • Zone transfer • Master & Slave, AXFR / IXFR • Notify, TSIG • Nsupdate (add, remove RR) • DNSSEC • RSASHA1(5,7) • Online re-signing

  3. Current Status – 1.0 RC2 • YADIFA 1.0 RC2 packages available on yadifa.eu • x86 64bit • CentOS 5 • CentOS 6 • Debian 6 • Ubuntu • FreeBSD • OSX Lion • x86 32bit • CentOS 5 • CentOS 6 •  Debian 6

  4. Coming up • “Near Future” (coming months) • DSA/SHA1, DSA-NSEC3-SHA1, RSASHA256, RSASHA512 • Full client to “control” the name server daemon (1.0 does stop and reload) • Dynamic zone management (add/remove zones on the fly) • “Not so Near Future” • Caching resolver • Validating • Sql backend API • End June 2012 • BSD open source

  5. Load times comparison • .com zone file (198 million lines) • 100.000 zones (7 RR) (Dual Xeon 2.1Ghz, 48Gb, Linux Debian) EURid Feb. 2012

  6. Dynamic Provisioning • Adding and removing zones • Without interrupting “production” • Centrally managed • Extension of RFC 2136 “Dynamic Updates in the Domain Name System (DNS UPDATE)” • Extend existing channel to “master” • (Re)use existing channel between “master” and “slave”

  7. Dynamic Provisioning • 4. Dyn. Upd. message : {abc.eu} • Master : NS1 • Slave : NS2 + NS3 • .... • 1. Dyn. Upd. message : • {abc.eu} • Master : NS1 • Slave : NS2 • .... Name server 2 2. Notify : {abc.eu} • 3. AXFR/IXFR: • {abc.eu} • Master(NS1) • .... Name server 1 Name server 3 All name servers are configured with a minimal set of access control rules

  8. Dynamic Provisioning • Dynamic Update Message +---------------------+ | Header | +---------------------+ | Zone | +---------------------+ | Prerequisite | +---------------------+ | Update | +---------------------+ | Additional Data | +---------------------+

  9. Dynamic Provisioning • Zone Section 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / ZNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ZTYPE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ZCLASS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ abc.eu SOA 0x2a

  10. Dynamic Provisioning • Prerequisite Section • When adding -> should not exist • When removing -> should exist • ...

  11. Dynamic Provisioning • Update Section 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / NAME / | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TYPE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | CLASS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TTL | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | RDLENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| / RDATA / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ abc.eu zonetype, zonefile, zonenotify, master,dnssec, ... 0x2a

  12. Dynamic Provisioning • Update Section

  13. Dynamic Provisioning • “Activate” new configuration • “Query like” message • NAME : abc.eu • CLASS : 0x2a • TYPE : freeze | unfreeze | merge | save • Check status • NAME : <STATUS> • CLASS : 0x2a • TYPE : <whatever you need to follow up and check on>

  14. One slide to say it all..... URL : http://www.yadifa.eu EMAIL : info@yadifa.eu Mailinglists : yadifa-announce, yadifa-users yadifa.eu. NS ns.yadifa.eu. NS yadifa.eurid.eu. yadifa.eu DNS is served by YADIFA! YADIFA 1.0 RC binaries available now  CentOS (32&64bit) Debian (32&64bit)  freeBSD (64bit) osX(Lion) (64bit) LET US KNOW WHAT Y::O::U THINK, PLEASE GET INT::O:U:C:H YADIFA 1.2  BSD open source license  June 2012

More Related